Mastodon API: Fix private and direct statuses not being filtered out from the public timeline for an authenticated user (`GET /api/v1/timelines/public`)
This commit is contained in:
parent
f6ff19e074
commit
790ae8e189
|
@ -16,6 +16,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
|
||||||
- ActivityPub: Polls are now refreshed when necessary.
|
- ActivityPub: Polls are now refreshed when necessary.
|
||||||
- Mastodon API: Ensure the `account` field is not empty when rendering Notification entities.
|
- Mastodon API: Ensure the `account` field is not empty when rendering Notification entities.
|
||||||
- Report emails now include functional links to profiles of remote user accounts
|
- Report emails now include functional links to profiles of remote user accounts
|
||||||
|
- Mastodon API: Fix private and direct statuses not being filtered out from the public timeline for an authenticated user (`GET /api/v1/timelines/public`)
|
||||||
|
|
||||||
### Removed
|
### Removed
|
||||||
- ActivityPub: The `/objects/:uuid/likes` endpoint.
|
- ActivityPub: The `/objects/:uuid/likes` endpoint.
|
||||||
|
|
|
@ -527,9 +527,10 @@ def fetch_latest_activity_id_for_context(context, opts \\ %{}) do
|
||||||
end
|
end
|
||||||
|
|
||||||
def fetch_public_activities(opts \\ %{}) do
|
def fetch_public_activities(opts \\ %{}) do
|
||||||
q = fetch_activities_query([Pleroma.Constants.as_public()], opts)
|
opts = Map.drop(opts, ["user"])
|
||||||
|
|
||||||
q
|
[Pleroma.Constants.as_public()]
|
||||||
|
|> fetch_activities_query(opts)
|
||||||
|> restrict_unlisted()
|
|> restrict_unlisted()
|
||||||
|> Pagination.fetch_paginated(opts)
|
|> Pagination.fetch_paginated(opts)
|
||||||
|> Enum.reverse()
|
|> Enum.reverse()
|
||||||
|
|
|
@ -398,7 +398,6 @@ def public_timeline(%{assigns: %{user: user}} = conn, params) do
|
||||||
|> Map.put("local_only", local_only)
|
|> Map.put("local_only", local_only)
|
||||||
|> Map.put("blocking_user", user)
|
|> Map.put("blocking_user", user)
|
||||||
|> Map.put("muting_user", user)
|
|> Map.put("muting_user", user)
|
||||||
|> Map.put("user", user)
|
|
||||||
|> ActivityPub.fetch_public_activities()
|
|> ActivityPub.fetch_public_activities()
|
||||||
|> Enum.reverse()
|
|> Enum.reverse()
|
||||||
|
|
||||||
|
|
|
@ -96,6 +96,22 @@ test "the public timeline when public is set to false", %{conn: conn} do
|
||||||
|> json_response(403) == %{"error" => "This resource requires authentication."}
|
|> json_response(403) == %{"error" => "This resource requires authentication."}
|
||||||
end
|
end
|
||||||
|
|
||||||
|
test "the public timeline includes only public statuses for an authenticated user" do
|
||||||
|
user = insert(:user)
|
||||||
|
|
||||||
|
conn =
|
||||||
|
build_conn()
|
||||||
|
|> assign(:user, user)
|
||||||
|
|
||||||
|
{:ok, _activity} = CommonAPI.post(user, %{"status" => "test"})
|
||||||
|
{:ok, _activity} = CommonAPI.post(user, %{"status" => "test", "visibility" => "private"})
|
||||||
|
{:ok, _activity} = CommonAPI.post(user, %{"status" => "test", "visibility" => "unlisted"})
|
||||||
|
{:ok, _activity} = CommonAPI.post(user, %{"status" => "test", "visibility" => "direct"})
|
||||||
|
|
||||||
|
res_conn = get(conn, "/api/v1/timelines/public")
|
||||||
|
assert length(json_response(res_conn, 200)) == 1
|
||||||
|
end
|
||||||
|
|
||||||
describe "posting statuses" do
|
describe "posting statuses" do
|
||||||
setup do
|
setup do
|
||||||
user = insert(:user)
|
user = insert(:user)
|
||||||
|
|
Loading…
Reference in New Issue